379 points mobeigi | 26 comments
LinuxAmbulance ◴[] No.41862747[source]
Excellent write up and solution. Cheating in video games makes for a wretched experience for those who don't cheat.

It's crazy how rampant cheating in multiplayer games, especially competitive ones, has gotten. Ten years ago, I thought it was at an extreme, but it's only gone up since then.

Part of the problem is that for some software developers, writing cheats brings in a massive amount of money.

So instead of some teenager messing around making unsophisticated cheats, you have some devs that are far better at writing cheats than game developers are at preventing them.

It doesn't help that game devs have to secure everything, everywhere, but cheat devs only have to find a single flaw.

replies(2): >>41862854 #>>41865147 #
1. DJBunnies ◴[] No.41862854[source]
I think a better question here is: why is game code so exploitable?

A: laziness and cost. It just doesn’t matter the same way that banking code matters, I guess.

So they toss on some cheap anti cheat instead of architecting it safely (expensively.)

replies(11): >>41862902 #>>41862917 #>>41862922 #>>41862944 #>>41862966 #>>41863021 #>>41863103 #>>41863154 #>>41863221 #>>41863906 #>>41864021 #
2. tedunangst ◴[] No.41862902[source]
No kidding, implementing multiplayer as a VNC session on a controlled server is very expensive.
3. doctorpangloss ◴[] No.41862917[source]
> I think a better question here is: why is game code so exploitable?

The nature of FPS games means only environment integrity can stop cheating. It's not exploitable per se. Just the game skill can be done by a computer perfectly.

Conversely who knows how long it will take for AIs to play Hearthstone with never-before-seen-cards well.

replies(1): >>41863793 #
4. jsheard ◴[] No.41862922[source]
Architecture can help up to a point but it can't stop everything - the usefulness of ESP can be reduced by not sending the client information it doesn't need to know, but that gets computationally expensive on the server, and culling information too aggressively can interfere with lag compensation. Perfect recoil compensation can be prevented by not replicating the server's RNG state on the client so it can't predict where the next bullet will go, which CS:GO started doing at some point. Aimbots though? Those are just automating an input the user could theoretically make legitimately, so you're pretty much stuck with statistical heuristics or client-side detection.
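
Editor's added example, not part of the thread or of any game's code: a sketch of the server-side culling described in the comment above, where the server replicates a player only to clients that have (or are about to have) line of sight. The 2D map, the `Player` type, `snapshot_for` and the `lead_s` margin are assumptions made for illustration.

```python
# Added illustration: server-side visibility culling on a constructed 2D map.
from dataclasses import dataclass

@dataclass(frozen=True)
class Player:
    name: str
    x: float
    y: float
    vx: float = 0.0  # velocity in map units per second
    vy: float = 0.0

def _orient(a, b, c):
    """Sign of the cross product (b - a) x (c - a): -1, 0 or 1."""
    v = (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])
    return (v > 0) - (v < 0)

def _crosses(p, q, wall):
    """True if the sight line p-q intersects the wall segment."""
    a, b = wall
    return (_orient(p, q, a) != _orient(p, q, b)
            and _orient(a, b, p) != _orient(a, b, q))

def line_of_sight(p, q, walls):
    return not any(_crosses(p, q, w) for w in walls)

def snapshot_for(viewer, players, walls, lead_s=0.0):
    """Names of the players whose state is replicated to `viewer` this tick.

    lead_s extrapolates each target along its velocity so that someone about
    to round a corner is sent before they appear (the lag-compensation cost).
    """
    eye = (viewer.x, viewer.y)
    sent = []
    for p in players:
        if p.name == viewer.name:
            continue
        now = (p.x, p.y)
        soon = (p.x + p.vx * lead_s, p.y + p.vy * lead_s)
        if line_of_sight(eye, now, walls) or line_of_sight(eye, soon, walls):
            sent.append(p.name)
    return sent

# Constructed sample: one wall at x = 5 spanning y = -5..5.
WALLS = [((5.0, -5.0), (5.0, 5.0))]
VIEWER = Player("viewer", 0.0, 0.0)
OTHERS = [
    Player("scout", 3.0, 2.0),                # in the open
    Player("camper", 10.0, 0.0),              # behind the wall, stationary
    Player("flanker", 6.0, 4.0, vy=20.0),     # behind the wall, about to clear it
]
```

With `lead_s=0` only `scout` is replicated; with `lead_s=0.2` the server also sends `flanker` early, which avoids pop-in at the price of putting that position in client memory before the player is actually visible.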
5. andrewia ◴[] No.41862944[source]
I think that's a very naïve way of looking at game development. There are many reasons why games are exploitable besides lack of reasonable dev effort.

- Almost all games are going to use a licensed or shared game engine. That means the software architecture is already known to skilled cheat developers with reverse engineering skills.

- Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

- The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats. More advanced cheaters can use PCIe devices to read game memory, defeating that mitigation.

- TPMs cannot be trusted to secure games, as they are exploitable.

- Implementing any of these mitigations will break the game on certain devices, leading to user frustration, reputation damage, and lost revenue base.

- And most damning, AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

replies(1): >>41863443 #
6. colechristensen ◴[] No.41862966[source]
This isn't the better question.

When you have software running locally, you can arbitrarily modify how it runs.

Like an aimbot is a powerful cheat, and there's no amount of security that can prevent one from being used outside of an anticheat being able to look deep into what your system is doing, what it contains. The only way to prevent that kind of thing is to remove your control of your own computer.

replies(2): >>41863000 #>>41863090 #
7. Ekaros ◴[] No.41863000[source]
And even then you could do aimbot with camera pointed on the screen and either faking a mouse or providing sensor sufficient data somehow to simulate movement... That is, reach superhuman reaction times and accuracy...
replies(1): >>41863400 #
8. Matheus28 ◴[] No.41863021[source]
It’s not that simple.

Some games aren’t able to prevent cheating. The client has the data on where the enemies on their screen are. The cheat only needs to move the mouse and click on the enemies' heads. Other games like MMORPGs involve the cheat just playing the game and farming on behalf of the player.

It just becomes a cat and mouse game where the anti cheat is trying to detect something hooking into the game process while the cheat tries to hide itself.

replies(1): >>41863288 #
9. jsheard ◴[] No.41863090[source]
> When you have software running locally, you can arbitrarily modify how it runs.

Well, you can on PC at least. Xbox and Playstation security has matured to the point that code modification in online games isn't really a thing anymore, the worst they have to deal with is controller macros most of the time.

replies(1): >>41863137 #
10. lagadu ◴[] No.41863103[source]
Because at the end of the day the game is running on the user's machine, a machine in which the user has full access to every part of the execution and the software developer does not. You can only get around that by streaming the game instead of running it on the client side and even then an aimbot or some type of automation would be possible nowadays.
11. lagadu ◴[] No.41863137{3}[source]
Until they get jailbroken that is. There is no such thing as a perfectly secure platform in which the user has complete physical control over it.
replies(1): >>41863161 #
12. GuB-42 ◴[] No.41863154[source]
Priorities. Games need content and performance. Give game developers more budget, and they will work on making the game faster, fix game breaking bugs, and add content rather than make the game less exploitable.

And cheats do not always rely on exploitable bugs. A bot using screen capture and input device emulation works at the OS level and in other contexts (ex: accessibility), it would be a legitimate thing to do.

13. jsheard ◴[] No.41863161{4}[source]
The PS4 and PS5 have been jailbroken numerous times, but...

1) Their secure boot implementation has never been broken, which means you can't upgrade from an exploitable version N firmware to a non-exploitable version N+1 while persisting a backdoor like you could on older systems like the PS3. You're stuck at version N until another exploit is found.

2) They rotate the crypto keys used for online play with every new firmware so they can easily lock those old exploitable firmwares out of online play for good, even if they try to spoof their version number. There's no getting around not having the new keys.

Meanwhile the Xbox One took a decade to get even a limited jailbreak that allows arbitrary code execution inside the game sandbox, but can't escape the game sandbox to take over the kernel, and the Xbox Series systems have yet to be jailbroken at all on any firmware.

Hypothetically being able to break anything with physical access doesn't count for much in practice if the thing you want to physically attack is buried inside a <7nm silicon die, doesn't trust anything outside of itself, and has countermeasures against fault injection attacks. The Switch may well be the last big victory for console hackers, the writing has been on the wall for years now.

14. kelnos ◴[] No.41863221[source]
I think GP's last line covers it. It's the same reason why DRM is ultimately ineffective, and why even companies that work hard and spend time and money to secure their infra still sometimes get popped: the game devs have to be perfect 100% of the time, but the cheaters only have to get lucky and find a flaw once.
15. drdaeman ◴[] No.41863288[source]
> MMORPGs involve the cheat just playing the game and farming on behalf of the player

From a player perspective that's not cheating, that's running a bot. It's automation of a routine grind - which is typically designed to make players hate it and spend money instead. Automating boring stuff is simply natural.

For pay-to-win games it's effectively a balancing system, a pushback against player-hostile mechanics. Not unlike an adblocker on the web.

That's strictly in context of MMORPG genre, of course.

16. drdaeman ◴[] No.41863400{3}[source]
I wish I'd live to see the time of true cyborgs who will exceed ordinary human capabilities in some regard.
replies(1): >>41864737 #
17. maccard ◴[] No.41863443[source]
A couple of thoughts, but I largely agree with you.

> Obfuscating the game will only go so far, as demonstrated by the mixed success of Denuvo DRM.

Denuvo is for the most part DRM, rather than anticheat. Its goal is to stop people pirating the game during the launch window.

> The game will not be the most privileged process on the machine, while cheaters are glad to allow root/kernel access to cheats.

This ship has sailed. Modern Anticheat platforms are kernel level.

> TPMs cannot be trusted to secure games, as they are exploitable.

Disagree here - for the most part (XIMs being the notable exception) cheating is not a problem on console platforms.

> AI enabled cheats no longer need any internal access at all. They can simply monitor display output and automate user input to automate certain actions like perfect aim and perfect movement.

I don't think these are rampant, or even widespread yet. People joyfully claim that because cheats can be installed in hardware devices that there's no point in cheating, but the reality is the barrier to entry of these hyper advanced cheats _right now_ means that the mitigations that are currently in place are necessary and (somewhat) sufficient.

replies(2): >>41863979 #>>41864083 #
18. wbl ◴[] No.41863793[source]
Probably three years
19. numpad0 ◴[] No.41863906[source]
Oh, that's an easy one.

- GOOD software are simple and easy to understand, which makes it EASY to cheat.

- BAD software are needlessly complex and finicky, so it's HARD to rig it for a cheat.

- Anti-cheats intentionally make software BAD and over-complicated, so cheaters would have hard time modifying it. But computers are brittle and also aren't smarter than humans so cheaters will eventually find a way.

- Security is completely irrelevant topic since game clients are "bought" and run on your hardware; Digital Restrictions Management built to work against you as user is anti-consumer, anti-right-to-repair, anti-human, super bad thing, and lots of efforts are made to keep PC away from it as much as practical.

It has nothing to do with laziness or cost. If anything it'll be the best programmed game that gets hacked fastest. And PS2 that gets emulated last.

20. ghxst ◴[] No.41863979{3}[source]
It's not AI enabled cheats that are the issue, it's DMA through things like PCIe devices disguised as regular hardware. Sophisticated cheats no longer run on the same computer as you're playing on. Google "pcie dma cheat" for a fun rabbit hole.
replies(1): >>41864661 #
21. ghxst ◴[] No.41864021[source]
A very large amount of games that are released nowadays all use well known and well documented engines, that's what makes it a lot easier, there's an interview on YouTube with a company that develops cheats for multiple games that mention this here: https://youtu.be/zwruk-tLIOU?si=3O2jBKQneur-n3iS
22. heavenlyblue ◴[] No.41864083{3}[source]
> This ship has sailed. Modern Anticheat platforms are kernel level.

so you use a kernel level anti-anti-cheat

23. maccard ◴[] No.41864661{4}[source]
Right, but the barrier for entry for those cheats is huge - the sp605 board is $700, for example. There are cheaper ones, but you’re not going to have rampant cheating testing through games when you add hundreds in hardware to the requirements.

Anticheats work in layers and are a game of cat and mouse. They can detect these things sometimes, and will ban them (and do hardware bans). The cheaters will rotate and move on, and the cycle continues. The goal of an effective anti cheat isn’t stop cheating, it’s be enough of a burden that your game isn’t ruined by cheaters, and not enough of a target to be fun for the cheat writers.

replies(1): >>41885373 #
24. colechristensen ◴[] No.41864737{4}[source]
How attached and how technical does it have to be to be "cyborg".

Me with a pen and paper exceeds many human capabilities.

Likewise with wearables like a smartwatch.

Does it have to be direct neural integration to be a cyborg? Definitely people with profound brain injuries have been enhanced to the ability to interact again.

replies(1): >>41865433 #
25. drdaeman ◴[] No.41865433{5}[source]
Good question! IMHO, it's a spectrum, of course, not a binary concept.

But if we have to define a criterion... I guess, integrated just enough so it can't be trivially removed, making it more of a "body part" rather than a "tool".

Point is, it'll certainly spark a discussion and re-evaluation of what's "fair", potentially shifting the consensus from somewhere around the current "glasses are fair game, but a programmable mouse is not" to somewhere more accepting of differently-abled individuals.

26. ghxst ◴[] No.41885373{5}[source]
If you look on popular cheat forums, you'll find a newbie guide that links to recommended hardware, typically priced around $250 from memory, certainly not $700.

Also, spending hundreds on hardware is standard for anyone playing competitive games. For example, Escape from Tarkov's "unheard edition" costs $250 for just a single game, and people still buy it. When you factor in the cost of gaming mice, hall-effect sensor keyboards, 480Hz displays, and high-end systems, the total investment adds up quickly for improvements that will never match the capabilities of a cheat, which is how a lot of them also like to justify their cheating, it's simply the most cost effective way to dominate in a game, especially if your livelihood depends on it.

I don't disagree with the second half of your statement.